Vulnerability Details CVE-2024-42737
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in delBlacklist. Authenticated Attackers can send malicious packet to execute arbitrary commands.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.204
EPSS Ranking 95.3%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2024-42737
-
cpe:2.3:h:totolink:x5000r:-
-
cpe:2.3:o:totolink:x5000r_firmware:9.1.0u.6369_b20230113